21.4. Apache HTTP Server Configuration

The HTTP Configuration Tool allows you to configure the /etc/httpd/conf/httpd.conf configuration file for the Apache HTTP Server. It does not use the old
srm.conf or access.conf configuration files; leave them empty. Through the graphical interface, you can configure directives such as virtual hosts, logging attributes, and maximum number of connections. To start the HTTD Configuration Tool, click on System => Administration => Server Settings => HTTP.

Only modules provided with Red Hat Enterprise Linux can be configured with the HTTP Configuration Tool. If additional modules are installed, they can not be configured using this tool.

Caution

Do not edit the /etc/httpd/conf/httpd.conf configuration file by hand if you wish to use this tool. The HTTP Configuration Tool generates this file after you save your
changes and exit the program. If you want to add additional modules or configuration options that are not available in HTTP Configuration Tool, you cannot use this tool.

The general steps for configuring the Apache HTTP Server using the HTTP Configuration Tool are as follows:

Configure the basic settings under the Main tab.

Click on the Virtual Hosts tab and configure the default settings.

Under the Virtual Hosts tab, configure the Default Virtual Host.

To serve more than one URL or virtual host, add any additional virtual hosts.

Configure the server settings under the Server tab.

Configure the connections settings under the Performance Tuning tab.

Copy all necessary files to the DocumentRoot and cgi-bin directories.

Exit the application and select to save your settings.

21.4.1. Basic Settings

Enter a fully qualified domain name that you have the right to use in the Server Name text area. This option corresponds to the
ServerName directive in httpd.conf. The ServerName directive sets
the hostname of the Web server. It is used when creating redirection URLs. If you do not define a server name, the Web server attempts to resolve it from the IP address of the system. The server name does not have to be the domain name resolved from
the IP address of the server. For example, you might set the server name to www.example.com while the server's real DNS name is foo.example.com.

Enter the email address of the person who maintains the Web server in the Webmaster email address text area. This option corresponds to the
ServerAdmin directive in httpd.conf. If you configure the server's error pages to contain an email
address, this email address is used so that users can report a problem to the server's administrator. The default value is root@localhost.

Use the Available Addresses area to define the ports on which the server accepts incoming requests. This option corresponds to the
Listen directive in httpd.conf. By default, Red Hat configures the Apache HTTP Server to listen to
port 80 for non-secure Web communications.

Click the Add button to define additional ports on which to accept requests. A window as shown in Figure 21.2, “Available Addresses” appears. Either choose the Listen to all
addresses option to listen to all IP addresses on the defined port or specify a particular IP address over which the server accepts connections in the Address field. Only specify one IP address per port
number. To specify more than one IP address with the same port number, create an entry for each IP address. If at all possible, use an IP address instead of a domain name to prevent a DNS lookup failure. Refer to
http://httpd.apache.org/docs/2.2/dns-caveats.html for more information about Issues Regarding DNS and Apache.

Entering an asterisk (*) in the Address field is the same as choosing Listen to all addresses. Clicking the Edit button in the
Available Addresses frame shows the same window as the Add button except with the fields populated for the selected entry. To delete an entry, select it and click the
Delete button.

Tip

If you set the server to listen to a port under 1024, you must be root to start it. For port 1024 and above, httpd can be started as a regular user.

21.4.2. Default Settings

Clicking on Edit will display the Virtual Host Properties window from which you can set your preferred settings. To add new settings, click on the Add button which will also display the Virtual Host Properties window. Clicking on the Edit Default Settings button, displays the Virtual Host Properties window without the General Options tab.

In the General Options tab, you can change the hostname, the document root directory and also set the webmaster's email address. In the Host information, you can set the Virtual Host's IP Address and Host Name. The figure below illustrates the General Options tab.

If you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.

21.4.2.1. Site Configuration

The figure below illustrates the Page Optionstab from which you can configure the Directory Page Search List and Error Pages. If you are unsure of these settings, do not modify them.

The entries listed in the Directory Page Search List define the DirectoryIndex directive. The
DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.

For example, when a user requests the page http://www.example.com/this_directory/, they are going to get either the DirectoryIndex page, if it exists, or a server-generated
directory list. The server tries to find one of the files listed in the DirectoryIndex directive and returns the first one it finds.
If it does not find any of these files and if Options Indexes is set for that directory, the server generates and returns a list, in HTML format, of the subdirectories and files in the directory.

Use the Error Code section to configure Apache HTTP Server to redirect the client to a local or external URL in the event of a problem or error. This option corresponds to the
ErrorDocument directive. If a problem or error occurs when a client tries to connect to the Apache HTTP Server, the default action is
to display the short error message shown in the Error Code column. To override this default configuration, select the error code and click the Edit button. Choose
Default to display the default short error message. Choose URL to redirect the client to an external URL and enter a complete URL, including the
http://, in the Location field. Choose File to redirect the client to an internal URL and enter a file location under the document root
for the Web server. The location must begin the a slash (/) and be relative to the Document Root.

For example, to redirect a 404 Not Found error code to a webpage that you created in a file called 404.html, copy 404.html to
DocumentRoot/../error/404.html. In this case, DocumentRoot is the Document Root directory that you have defined (the default is
/var/www/html/). If the Document Root is left as the default location, the file should be copied to /var/www/error/404.html. Then, choose
File as the Behavior for 404 - Not Found error code and enter /error/404.html as the
Location.

From the Default Error Page Footer menu, you can choose one of the following options:

Show footer with email address — Display the default footer at the bottom of all error pages along with the email address of the website maintainer specified by the
ServerAdmin directive.

Show footer — Display just the default footer at the bottom of error pages.

No footer — Do not display a footer at the bottom of error pages.

21.4.2.2. SSL Support

The mod_ssl enables encryption of the HTTP protocol over SSL. SSL (Secure Sockets Layer) protocol is used for communication and encryption over TCP/IP networks. The SSL tab enables you to configure SSL for your server. To configure SSL you need to provide the path to your:

Certificate file - equivalent to using the SSLCertificateFile directive which points the path to the PEM (Privacy Enhanced Mail)-encoded server certificate file.

Key file - equivalent to using the SSLCertificateKeyFile directive which points the path to the PEM-encoded server private key file.

Certificate chain file - equivalent to using the SSLCertificateChainFile directive which points the path to the certificate file containing all the server's chain of certificates.

Certificate authority file - is an encrypted file used to confirm the authenticity or identity of parties communicating with the server.

FakeBasicAuth - enables standard authentication methods used by Apache. This means that the Client X509 certificate's Subject Distinguished Name (DN) is translated into a basic HTTP username.

ExportCertData - creates CGI environment variables in SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAIN_n where n is a number 0,1,2,3,4... These files are used for more certificate checks by CGI scripts.

21.4.2.3. Logging

Use the Logging tab to configure options for specific transfer and error logs.

By default, the server writes the transfer log to the /var/log/httpd/access_log file and the error log to the /var/log/httpd/error_log file.

The transfer log contains a list of all attempts to access the Web server. It records the IP address of the client that is attempting to connect, the date and time of the attempt, and the file on the Web server that it is trying to retrieve. Enter the
name of the path and file in which to store this information. If the path and file name do not start with a slash (/), the path is relative to the server root directory as configured. This option corresponds to the
TransferLog directive.

The error log contains a list of any server errors that occur. Enter the name of the path and file in which to store this information. If the path and file name do not start with a slash (/), the path is relative to the server root directory as
configured. This option corresponds to the ErrorLog directive.

Use the Log Level menu to set the verbosity of the error messages in the error logs. It can be set (from least verbose to most verbose) to emerg, alert, crit, error, warn, notice, info or debug. This option
corresponds to the LogLevel directive.

If you choose Reverse Lookup, your server automatically resolves the IP address for each connection which requests a document from your Web server. Resolving the IP address means that your server makes one or more
connections to the DNS in order to find out the hostname that corresponds to a particular IP address.

If you choose Double Reverse Lookup, your server performs a double-reverse DNS. In other words, after a reverse lookup is performed, a forward lookup is performed on the result. At least one of the IP addresses in
the forward lookup must match the address from the first reverse lookup.

Generally, you should leave this option set to No Reverse Lookup, because the DNS requests add a load to your server and may slow it down. If your server is busy, the effects of trying to perform these reverse
lookups or double reverse lookups may be quite noticeable.

Reverse lookups and double reverse lookups are also an issue for the Internet as a whole. Each individual connection made to look up each hostname adds up. Therefore, for your own Web server's benefit, as well as for the Internet's benefit, you should
leave this option set to No Reverse Lookup.

21.4.2.4. Environment Variables

Use the Environment tab to configure options for specific variables to set, pass, or unset for CGI scripts.

Sometimes it is necessary to modify environment variables for CGI scripts or server-side include (SSI) pages. The Apache HTTP Server can use the mod_env module to configure the environment variables which are passed
to CGI scripts and SSI pages. Use the Environment Variables page to configure the directives for this module.

Use the Set for CGI Scripts section to set an environment variable that is passed to CGI scripts and SSI pages. For example, to set the environment variable MAXNUM to
50, click the Add button inside the Set for CGI Script section, as shown in Figure 21.8, “Environment Variables”, and type
MAXNUM in the Environment Variable text field and 50 in the Value to set text field. Click
OK to add it to the list. The Set for CGI Scripts section configures the
SetEnv directive.

Use the Pass to CGI Scripts section to pass the value of an environment variable when the server is first started to CGI scripts. To see this environment variable, type the command
env at a shell prompt. Click the Add button inside the Pass to CGI Scripts section and enter the name of the environment variable in the
resulting dialog box. Click OK to add it to the list. The Pass to CGI Scripts section configures the
PassEnv directive.

To remove an environment variable so that the value is not passed to CGI scripts and SSI pages, use the Unset for CGI Scripts section. Click Add in the
Unset for CGI Scripts section, and enter the name of the environment variable to unset. Click OK to add it to the list. This corresponds to the
UnsetEnv directive.

To edit any of these environment values, select it from the list and click the corresponding Edit button. To delete any entry from the list, select it and click the corresponding
Delete button.

21.4.2.5. Directories

Click the Edit button in the top right-hand corner to configure the Default Directory Options for all directories that are not specified in the
Directory list below it. The options that you choose are listed as the Options directive within the
<Directory> directive. You can configure the following options:

ExecCGI — Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.

Indexes — Display a formatted list of the directory's contents, if no DirectoryIndex (such as index.html) exists in the requested
directory.

Multiview — Support content-negotiated multiviews; this option is disabled by default.

SymLinksIfOwnerMatch — Only follow symbolic links if the target file or directory has the same owner as the link.

To specify options for specific directories, click the Add button beside the Directory list box. A window as shown in Figure 21.10, “Directory Settings” appears. Enter
the directory to configure in the Directory text field at the bottom of the window. Select the options in the right-hand list and configure the
Order directive with the left-hand side options. The Order directive controls the order in which
allow and deny directives are evaluated. In the Allow hosts from and Deny hosts from text field, you can specify one of the following:

Allow all hosts — Type all to allow access to all hosts.

Partial domain name — Allow all hosts whose names match or end with the specified string.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.